Set up new RH6 server and am trying to ssh to it from another RH server and not getting a login prompt.
- serverA (old): uname -a returns "Linux <servername> 2.4.21-63.ELsmp #1 SMP <date & time> i686 i686 i386 GNU/Linux"
- serverB (new): uname -a returns "Linux <servername> 2.6.32-71.24.1.el6.x86_64 #1 SMP <date & time> x86_64 x86_64 x86_64 GNU/Linux"
- can ssh to both servers using Putty from a windows PC successfully
- can ssh from serverB to serverA
- cannot get a login prompt from serverB when attempting to ssh to it from serverA (times out)

have tried:
- turned firewall off on serverB
- ran "/etc/rc.d/init.d/iptables stop"
- added serverA to /etc/hosts file
- from serverA have used
  - ssh serverA
  - ssh <username>@serverA
  - ssh -p 22 <username>@serverA
  - ssh <serverB ip address>
- can successfully ssh back to serverA from serverA
  - ssh <username>@localhost
- can successfully ssh back to serverB from serverB
  - ssh <username>@localhost
What am I missing that would allow serverA to ssh to serverB? Obviously ssh is working on both servers as I can ssh into both of them with putty from a windows PC. They are obviously "talking" since I can ssh FROM server B to serverA. I just can't ssh from serverA to serverB (the new server).
Thank you for whatever advice/suggestions you might have. It's been a number of years since I've worked with Linux/Unix and I know I'm missing something.
Msg#: 4304972 posted 3:20 am on Apr 28, 2011 (gmt 0)
Hi RonD, first of all Welcome to WebmasterWorld!
SSH has different authentication methods with username/password, certificates and keyboard interactive. It could be that the SSH client of server A is trying an authentication method which is not enabled on server B.
A second option could be the /etc/hosts.allow file on server B. There could be some rules affecting SSH requests from remote servers.
I tried ssh a while ago on a brand new windows server and got hundreds of hack attempts. I turned it off after an hour. If I ran it again I would change the port to obscure it. Could that be what's happened here?
lammert - thank you for the welcome and information. I've checked the /etc/hosts.allow file on serverB & added serverA (didn't help). I have discovered (keep in mind, I've only been here 2 months and inherited this infrastructure) that serverA has both "authorizedkeys" and "known-hosts" files under ~/.ssh/. The "known-hosts" file has several entries in it, all indicating "ssh-rsa" and the key. It's been over 10 years since I've done hands-on work with Unix/Linux, so I'm looking for some guidance on what to do. It's a bit confusing, at least to me, that the authorizedkeys would impact SSH as I'm able to ssh INTO the server from other systems not listed in the "known-hosts" file. The problem appears to be doing an ssh FROM serverA to another system. I've used scp from serverB to copy the 2 files from serverA - still no success.
dstiles - thank you for the suggestion, but I don't think that's the problem as I can ssh into both servers using Putty from my desktop just fine. The problem continues to be using ssh FROM serverA to another machine - almost like ssh isn't making it out.
Msg#: 4304972 posted 2:45 am on Apr 29, 2011 (gmt 0)
that serverA has both "authorizedkeys" and "known-hosts" files under ~/.ssh/. The "known-hosts" file has several entries in it, all indicating "ssh-rsa" and the key.
The known-hosts entries are those servers which you have had contact with SSH-ing from serverA to the outside world. You should check if serverB is listed in the known-hosts file. If that is the case, both servers were able to talk with each other; they only couldn't agree on the authentication type.
Most important are differences in the /etc/ssh/sshd_config files on the two servers. That file configures the SSH daemon which accepts incoming requests.
Issue has been resolved. After thinking about what did work and what didn't work, I had our network monitoring team look at our firewall and it was blocking ssh requests coming from serverA. They put a rule in to allow ssh from serverA to serverB only and it's working now.
Thank you all for your suggestions and recommendations.
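The symptoms discussed in this thread (a timeout, a TCP wrappers denial, an authentication mismatch) fail at different stages of the connection, and a small probe can tell them apart before anyone edits sshd_config. The following is an added example, not code posted by anyone in the thread; the function name `probe_ssh` and its state labels are choices made for this example.

```python
import socket
import sys

def probe_ssh(host, port=22, timeout=5.0):
    """Return (state, detail) describing how far a TCP connection to sshd gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # SYN never answered: a packet filter in the path is silently dropping
        # traffic, or the host is down. This is the "times out" symptom.
        return ("filtered", "no reply before timeout; check firewalls between the hosts")
    except ConnectionRefusedError:
        # RST came back: the host is reachable but nothing accepts on this port.
        return ("refused", "host reachable, port closed or actively rejected")
    except OSError as exc:
        # Name resolution failure, no route, and similar errors.
        return ("unreachable", str(exc))
    with sock:
        try:
            banner = sock.recv(255)
        except socket.timeout:
            return ("silent", "TCP connected but no SSH banner arrived")
        except OSError as exc:
            return ("closed", str(exc))
    if banner.startswith(b"SSH-"):
        # Handshake started: anything failing after this point is key exchange
        # or authentication, to be debugged with ssh -v and sshd_config.
        return ("sshd", banner.decode("ascii", "replace").strip())
    if not banner:
        # Accepted, then closed before the banner, as TCP wrappers
        # (/etc/hosts.allow, /etc/hosts.deny) do when they deny a client.
        return ("closed", "connection closed before banner")
    return ("other", repr(banner[:40]))

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, *probe_ssh(target))
```

Run it on the host whose ssh client fails, with the destination as the argument: filtering rules are often per source address, so a successful probe from a different machine says nothing about the failing path.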